FACT FILE: HIPAA breach definition
In general, the term “breach” means the unauthorized acquisition, access, use, or disclosure of protected health information which compromises the security or privacy of such information, except where an unauthorized person to whom such information is disclosed would not reasonably have been able to retain such information.
But there are exceptions. A breach does not include unintentional acquisition, access, or use of protected health information by an employee or individual acting under the authority of a covered entity or business associate under the following conditions:
• If the acquisition, access or use was made in good faith;
• It was within the course and scope or other professional relationship of such employee or individual, with the covered entity or business associate; and
• The information is not further acquired, accessed, used or disclosed by any person.
HIPAA also forgives inadvertent disclosure from an individual who is otherwise authorized to access protected health information to another similarly situated individual at the same facility, as long as the information is not further acquired, accessed, used or disclosed without authorization.
Source: HIPAA.com
In the Scope of Virtual Health and the Future of “Website” Manner, Per Ateev Mehrotra
August 10th 2023Briana Contreras, an editor of Managed Healthcare Executive, had the pleasure of catching up with MHE Editorial Advisory Board Member, Ateev Mehrotra, MD, MPH, who is a professor of healthcare policy at Harvard Medical School and an Associate Professor of Medicine and Hospitalist at Beth Israel Deaconess Medical Center.
Listen
